libvirt/tests
Laine Stump 513122ae93 network: don't forward DNS requests from isolated networks
This is in response to:

  https://bugzilla.redhat.com/show_bug.cgi?id=723862

which points out that a guest on an "isolated" network could
potentially exploit the DNS forwarding provided by dnsmasq to create a
communication channel to the outside.

This patch eliminates that possibility by adding the "--no-resolv"
argument to the dnsmasq commandline, which tells dnsmasq to not
forward on any requests that it can't resolve itself (by looking at
its own static hosts files and runtime list of dhcp clients), but to
instead return a failure for those requests.

This shouldn't cause any undesirable change from current
behavior, even in the case where a guest is currently configured with
multiple interfaces, one of them being connected to an isolated
network, and another to a network that does have connectivity to the
outside. If the isolated network's DNS server is queried for a name
it doesn't know, it will return "Refused" rather than "Unknown", which
indicates to the guest that it should query other servers, so it then
queries the connected DNS server, and gets the desired response.
2011-07-29 17:23:55 -04:00
..
capabilityschemadata microblaze: Add architecture support 2011-07-07 17:49:21 -06:00
commanddata freebsd: Avoid /bin/true in commandtest 2011-07-29 12:12:58 +02:00
confdata maint: improve tests distribution 2010-12-17 11:57:11 -07:00
cputestdata tests: Add unit tests for internal CPU APIs 2010-12-01 14:12:54 +01:00
domainschemadata schema: Move timer element inside clock 2010-11-09 15:35:43 +01:00
domainsnapshotxml2xmlin
domainsnapshotxml2xmlout
interfaceschemadata
networkxml2argvdata network: don't forward DNS requests from isolated networks 2011-07-29 17:23:55 -04:00
networkxml2xmlin bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
networkxml2xmlout bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
nodedevschemadata
nodeinfodata
nwfilterxml2xmlin nwfilter: enable filtering of gratuitous ARP packets 2011-05-23 19:41:18 -04:00
nwfilterxml2xmlout nwfilter: enable filtering of gratuitous ARP packets 2011-05-23 19:41:18 -04:00
qemuhelpdata Add txmode attribute to interface XML for virtio backend 2011-02-17 11:07:58 -05:00
qemuxml2argvdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
qemuxml2xmloutdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
sexpr2xmldata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
storagepoolxml2xmlin storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagepoolxml2xmlout storage: add support for Vendor and Model in XML 2010-08-19 15:58:43 -06:00
storagevolxml2xmlin
storagevolxml2xmlout
vmx2xmldata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
xencapsdata maint: improve tests distribution 2010-12-17 11:57:11 -07:00
xmconfigdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
xml2sexprdata Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
xml2vmxdata esx: Fix regression in absolute file name handling 2011-05-26 23:32:44 +02:00
.gitignore Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
.valgrind.supp tests: suppress more valgrind situations 2011-05-03 08:03:39 -06:00
capabilityschematest
commandhelper.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
commandtest.c freebsd: Avoid /bin/true in commandtest 2011-07-29 12:12:58 +02:00
conftest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
cpuset
cputest.c maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
daemon-conf tests: fix daemon-conf testing failure 2010-11-03 11:43:11 +01:00
define-dev-segfault Add domain type checking 2011-07-11 19:38:51 +02:00
domainschematest tests: Test qemuxml2xml when expected xml changes 2010-07-28 16:47:56 -04:00
domainsnapshotschematest
esxutilstest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
eventtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
hashdata.h tests: More unit tests for internal hash APIs 2011-04-27 15:32:30 +02:00
hashtest.c hash: fix memory leak regression 2011-04-29 14:26:40 -06:00
int-overflow tests: Don't use bash if we don't have to 2011-07-29 17:17:21 +02:00
interfaceschematest
interfacexml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
jsontest.c Add test case for parsing JSON docs 2011-06-30 18:04:02 +01:00
libvirtd-fail
libvirtd-pool
Makefile.am build: avoid non-portable shell in test setup 2011-07-29 11:47:18 -06:00
networkschematest
networkxml2argvtest.c network: Fix dnsmasq hostsfile creation logic and related tests 2011-06-29 01:59:34 +02:00
networkxml2xmltest.c bandwidth: Add test cases for network 2011-07-25 13:50:06 +08:00
nodedevschematest
nodedevxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
nodeinfotest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
nwfilterschematest
nwfilterxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
object-locking.ml maint: typo fixes 2011-06-24 08:01:10 -06:00
oomtrace.pl maint: mark more perl scripts executable 2011-05-16 10:12:21 -06:00
openvzutilstest.c openvz: Add simple test for openvzReadNetworkConf 2011-06-01 11:58:15 +02:00
openvzutilstest.conf openvz: Add simple test for openvzReadNetworkConf 2011-06-01 11:58:15 +02:00
pkix_asn1_tab.c Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
qemuargv2xmltest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
qemuhelptest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
qemuxml2argvtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
qemuxml2xmltest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
qparamtest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
read-bufsiz build: use portable sed expressions 2010-09-14 08:42:10 -06:00
read-non-seekable
reconnect.c tests: Improve output of tests that decide to skip at runtime 2011-07-09 15:47:57 +02:00
schematestutils.sh
seclabeltest.c Refactor the security drivers to simplify usage 2011-01-10 18:10:52 +00:00
sexpr2xmltest.c Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
sockettest.c tests: simplify common setup 2011-04-29 10:21:20 -06:00
ssh.c Introduce a generic object for using network sockets 2011-06-24 11:48:18 +01:00
start
statstest.c Skip some xen tests if xend is not running 2011-07-07 17:23:09 -06:00
storagepoolschematest
storagepoolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
storagevolschematest
storagevolxml2xmltest.c tests: Lower stack usage below 4096 bytes 2011-04-30 19:59:52 +02:00
test_conf.sh
test-lib.sh tests: simplify formatting 2011-07-11 09:21:37 -06:00
testutils.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
testutils.h Provide a simple object for encoding/decoding RPC messages 2011-06-24 11:48:14 +01:00
testutilsqemu.c tests: Fake host capabilities properly 2011-02-15 22:51:37 +01:00
testutilsqemu.h
testutilsxen.c
testutilsxen.h
undefine
utiltest.c build: avoid 'make syntax-check' failure 2011-07-01 16:46:20 -06:00
vcpupin
virbuftest.c maint: rename virBufferVSprintf to virBufferAsprintf 2011-05-05 13:47:40 -06:00
virnetmessagetest.c tests: Fix memory leak in virnetmessagetest 2011-06-29 10:47:54 +08:00
virnetsockettest.c remote/ssh: optional "keyfile" parameter. 2011-07-22 07:49:49 -06:00
virnettlscontexttest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
virsh-all
virsh-optparse virsh: fix previous patch 2011-07-14 07:14:05 -06:00
virsh-schedinfo
virsh-synopsis
virshtest.c tests: Unify style of test skipping code 2011-07-29 12:12:58 +02:00
virt-aa-helper-test virt-aa-helper-test cleanups 2010-09-30 15:01:36 -06:00
vmx2xmltest.c tests: Use EXIT_AM_SKIP instead of 77 directly 2011-07-09 10:14:38 +02:00
xencapstest.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
xmconfigtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2sexprtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2vmxtest.c Add domain type checking 2011-07-11 19:38:51 +02:00